Secure passwords you will not forget

Reading Time: 2 minutes

Password are a tricky proposition, they need to be complex enough to be secure but simple enough to be remembered, let us be honest that is not an easy feat to achieve.
Today’s password are often enforced to be as follows:

  • At least 8 characters, the recommendations are between 10 and 15 characters
  • At least 1 upper case, more than one is better
  • At least 1 lower case, more than one is better
  • At least 1 numeric character, more than one is better
  • At least 1 special character, more than one is better but not { } [ ] ( ) / \ ‘ ” ` ~ , ; : . < > please

Confused yet?
The first thing most people do at this point is use their pet, child or husband’s first name and birthday and do a letter replace many scheme as follows:

Al3x@ndr1n@

I hate to break it to you but many in the IT security business would crack that with relative ease.
Then there is the like of http://passwordsgenerator.net/ or https://identitysafe.norton.com/password-generator which I use all the time for configuration passwords!
Why not for personal passwords? Because you would end up writing it down on an easily reachable piece paper, I know many people that do. Destroy it now, it is not safe!
Using a password manager, are you kidding me! Online! Adobe, LinkedIn and Yahoo spend millions of dollars securing their systems, Guess what?
They were all hacked and the password leaked!
What now?
The replacement scheme is a good place to start actually but in set of using a obvious name let us use a phrase 12 to 16 characters long

asterixisagaul

The phrase is 14 characters long, it will resist most dictionary attacks but we are not meeting the requirements? Not yet.
Let us add a simple character replacement scheme using the following rules:

  • a = @
  • e = 3
  • i = 1
  • o = 0
  • s = 5

@5t3r1x15@g@ul

We are getting there slowly but it is still too easy and we have no upper characters.
Let’s add anther simple rule, we only convert the 2nd repeating character to the character replacement above and capitalise the last letter of the 1st word and 1st letter of the last word.

asteriX15@Gaul

The fact is this password is secure but not to my taste due to the limitation of special character use, add one to the mix.

aster!X15@Gaul

This is one possibility among a great many, adapt as you see fit, mine is longer and uses more rules.
Now all you have to do is remember a few phrase and 2, 3 or 4 rules.
Bonus, the rules are reusable across phrases too.

It may not work for every password requirements but will fit about 80% of cases.

Lastly, try not to use the same password for everything, you do not want to compromise your banking because you used the same password for Twitter.

Please rate this post to enable me to improve my content
5/5

Share

Facebook
LinkedIn
Twitter
Google+
Pinterest
WhatsApp
Email

2 Responses

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Explore some more